locked
Find a hidden delegate in Exchange 2010sp1 RRS feed

  • Question

  • I've just migrated "successfully" from Exchange 2003 to Exchange 2010!  I have a couple ghosts to clean up.

    In our Exchange 2003 environment we had a single mailbox set as "everyone's" delegate. (don't ask) 

    I had one user that I had to use MFCMapi before migration to clear up (remove) a hidden instance of this delegate.

    Now that everyone is migrated to Ex10sp1, I've got one user that has that delegate, that I can't see.  It isn't listed in Outlook 2007, it isn't listed in "Get-calendarprocessing" 

    But when an apt is scheduled, the old delegate gets the appointment :( 

    I've started looking in the mailbox using ExFolders, but I'm not finding any delegate either :( 

    any ideas or suggestions, pointers ? 

    Thank you! 

    JLH 

     


    JLH
    Tuesday, April 12, 2011 10:25 PM

Answers

  • Look in adsiedit for publicDelegates on the user account.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Marked as answer by emma.yoyo Friday, April 15, 2011 2:12 AM
    Wednesday, April 13, 2011 12:38 AM
  • You can do an ADSI query using something like LDP.  Your query would be something like:

    (publicDelegates=CN=Potter\, Harry,OU=Students,DC=hogwarts,DC=edu)

    You might also want to look for alternate recipients:

    (altRecipient=CN=Potter\, Harry,OU=Students,DC=hogwarts,DC=edu)

    In both cases, the thing you're searching for is the distinguished name of the user who's the delegate or alternate recipient.

    This won't find delegates who simply have folder rights--that's a far more complicated effort that can't be accomplished by a simple query. 

    And I just noticed that you want to do this in Exchange 2010 SP1.  I was fixated on your mention of Exchange 2003.  In the Exchange Management Shell you could enter:

    Get-Mailbox -ResultSize Unlimited | Where {$_.ForwardingAddress -eq "hogwarts.edu/Students/Potter, Harry"}

    Get-Mailbox -ResultSize Unlimited | Where {$_.GrantSendOnBehalfOfTo -eq "hogwarts.edu/Students/Potter, Harry"}

    This will take a long time to run if you have a large AD, but you only need to run it once, right?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral proble
    • Marked as answer by joelhuebner Friday, April 15, 2011 6:04 PM
    Wednesday, April 13, 2011 12:47 AM
  • ADSIEdit was my clue... 

     

     my “hack” of publicDelegates worked,  (add someone, remove someone) got rid of the ghost!

     

    That worked.. Thank you All 

     

    JLH
    • Marked as answer by joelhuebner Thursday, April 14, 2011 6:52 PM
    Thursday, April 14, 2011 6:52 PM

All replies

  • Look in adsiedit for publicDelegates on the user account.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Marked as answer by emma.yoyo Friday, April 15, 2011 2:12 AM
    Wednesday, April 13, 2011 12:38 AM
  • You can do an ADSI query using something like LDP.  Your query would be something like:

    (publicDelegates=CN=Potter\, Harry,OU=Students,DC=hogwarts,DC=edu)

    You might also want to look for alternate recipients:

    (altRecipient=CN=Potter\, Harry,OU=Students,DC=hogwarts,DC=edu)

    In both cases, the thing you're searching for is the distinguished name of the user who's the delegate or alternate recipient.

    This won't find delegates who simply have folder rights--that's a far more complicated effort that can't be accomplished by a simple query. 

    And I just noticed that you want to do this in Exchange 2010 SP1.  I was fixated on your mention of Exchange 2003.  In the Exchange Management Shell you could enter:

    Get-Mailbox -ResultSize Unlimited | Where {$_.ForwardingAddress -eq "hogwarts.edu/Students/Potter, Harry"}

    Get-Mailbox -ResultSize Unlimited | Where {$_.GrantSendOnBehalfOfTo -eq "hogwarts.edu/Students/Potter, Harry"}

    This will take a long time to run if you have a large AD, but you only need to run it once, right?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral proble
    • Marked as answer by joelhuebner Friday, April 15, 2011 6:04 PM
    Wednesday, April 13, 2011 12:47 AM
  • Nope,not there.

    I was going to try to insert an entry & remove it, but I'm not sure of thy syntax, it won't take a username, or an email address.  Does it need a "CN" entry or something else? 

    Thank you! 

    JLH


    JLH
    Wednesday, April 13, 2011 1:35 PM
  • Ed, 

     

    That was a fun query, thank you. My domain has ~2k objects, so the query took ~ a minute.  I didn't find my "hiding delegate" but I seem to have found some other mess. :( 

     

     

     

    [PS] C:\Windows\system32>Get-Mailbox -ResultSize Unlimited | Where {$_.GrantSendOnBehalfOfTo -eq "hogwarts.edu/Students/Information Technology/IT Calendar"}

    WARNING: The object hogwarts.edu/Students/Graphics/Graphics Scanner has been corrupted, and it's in an

     inconsistent state. The following validation errors happened:

    WARNING: Database is mandatory on UserMailbox.

    WARNING: Database is mandatory on UserMailbox.

    WARNING: The object hogwarts.edu/Users/Bob has been corrupted, and it's in an inconsistent state. The

    following validation errors happened:

    WARNING: Database is mandatory on UserMailbox.

    WARNING: Database is mandatory on UserMailbox.

    [PS] C:\Windows\system32>

     

     

    The user "Bob" and "Graphics Scanner" are "utility accounts" I have not migrated, but seem to have some other issue.

    I guess I start w/ MFCMapi on those 2 mailboxes since they appear to still be on Ex03, after further investigation on the Ex03 box, those mailboxes do not exist there.

     

    It's a new joy every day...

     

    Thank you 

     

    JLH 


    JLH
    Wednesday, April 13, 2011 2:02 PM
  • You're welcome.

    If you're happy with my answer, please mark it Answered and/or Helpful.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Wednesday, April 13, 2011 2:56 PM
  • ADSIEdit was my clue... 

     

     my “hack” of publicDelegates worked,  (add someone, remove someone) got rid of the ghost!

     

    That worked.. Thank you All 

     

    JLH
    • Marked as answer by joelhuebner Thursday, April 14, 2011 6:52 PM
    Thursday, April 14, 2011 6:52 PM